squid3: multiple denial of service vulnerabilities [LWN.net]

Package(s):

squid3

CVE #(s):

CVE-2009-2622 CVE-2009-2621

Created:

August 10, 2009

Updated:

August 18, 2009

Description:

From the Mandriva advisory:

Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses (CVE-2009-2621).

Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses (CVE-2009-2622).

Alerts:

Gentoo	201110-24	squid	2011-10-26
Fedora	FEDORA-2009-8327	squid	2009-08-07
Fedora	FEDORA-2009-8324	squid	2009-08-07
Mandriva	MDVSA-2009:161-1	squid	2009-08-08
Debian	DSA-1843-2	squid3	2009-08-09